salacronix

When you don't read instructions...


This does not actually work as shown.
TLS key usage mode only works with TLS Authentication.
Auth digest algorithm only works with SHA1 (160 bit).
This is with pfSense 2.50 release.

@salacronix

Hello!

TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection).

Kind regards
 

5 hours ago, Staff said:
@salacronix

Hello!

TLS mode is mandatory because it is required by our servers, and for very good reasons. You can pick between TLS Auth and TLS Crypt. TLS Crypt is recommended, as it encrypts completely the Control Channel (important to prevent detection of OpenVPN handshake "fingerprint" by Deep Packet Inspection).

Kind regards
 
I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/
In the setup for the VPN the screenshot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works.
Additionally, for Auth digest algorithm he shows SHA512; that does not work. Auth digest algorithm only works with SHA1 (160 bit).

If you find this not to be the case, then there is something definitely wrong with pfSense 2.5, and I should probably look for another firewall.
 

5 minutes ago, salacronix said:
I appreciate you chiming in, but I was referencing the guide at https://nguvu.org/pfsense/pfsense-baseline-setup/
In the setup for the VPN the screenshot shows "TLS Encryption and Authentication". That does not work. Only "TLS Authentication" works.
Additionally, for Auth digest algorithm he shows SHA512; that does not work. Auth digest algorithm only works with SHA1 (160 bit).

If you find this not to be the case, then there is something definitely wrong with pfSense 2.5, and I should probably look for another firewall.
 


The guide is for a tls-crypt setup where those settings are what work. What you're missing is that you need to connect to an entry IP 3 or 4. The guide actually says "please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

1 hour ago, go558a83nk said:


The guide is for a tls-crypt setup where those settings are what work. What you're missing is that you need to connect to an entry IP 3 or 4. The guide actually says "please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

5 minutes ago, salacronix said:

Well then that would point to a problem with the AirVPN config generator. In the config it specifically shows the remote as "nl.vpn.airdns.org". Will that return the wrong list of servers?

No, the problem is with you unable to follow directions.

In the tutorial, the first directive in the "generate AirVPN certificates" section is to enable advanced mode.  Have you turned on advanced mode in the config generator?

25 minutes ago, go558a83nk said:

No, the problem is with you unable to follow directions.
Oh I am completely turned on now. Please continue. You're such a big strong boy. Are you wearing leather?

12 minutes ago, salacronix said:

Are you wearing leather?


Enchanted netherite armor, straight outta hell. Cut the salt, please.
You too, Mr. go558a83nk.
 
47 minutes ago, salacronix said:

Will that return the wrong list of servers? 


Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums are a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique among the mass again.

6 minutes ago, OpenSourcerer said:

Enchanted netherite armor, straight outta hell. Cut the salt, please.
You too, Mr. go558a83nk.
 
Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.
pfSense still doesn't like it. Thanks for the help, I will just fall back to the Eddie setup for now. 😊

This topic is now closed to further replies.
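
The mismatch this thread turns on (tls-crypt settings pointed at a hostname that is not a tls-crypt entry) can be caught by checking a client config before importing it. The sketch below is an added example, not code from any poster, the guide or AirVPN; the entry-to-mode and entry-to-digest mapping is an assumption built only from what the posts above report, a name without a number is assumed to be entry 1, and `GUIDE_SETTINGS` is a constructed sample.

```python
import re

# Assumptions taken from this thread, not from AirVPN documentation:
# entry IPs 3 and 4 (e.g. nl3.vpn.airdns.org) are the tls-crypt endpoints
# and take SHA512; a name with no entry number takes tls-auth and SHA1.
AIRDNS = re.compile(r"^[a-z-]+(\d+)?\.vpn\.airdns\.org$", re.I)
EXPECTED = {True: ("tls-crypt", "SHA512"), False: ("tls-auth", "SHA1")}
# Constructed sample: the guide's tls-crypt settings with the default hostname.
GUIDE_SETTINGS = ("client\nremote nl.vpn.airdns.org 443\nauth SHA512\n"
                  "<tls-crypt>\n(key omitted)\n</tls-crypt>\n")


def parse_client_config(text):
    """Collect remote hosts, control-channel mode and auth digest."""
    cfg = {"remotes": [], "mode": None, "auth": "SHA1"}  # SHA1 is OpenVPN's default
    for raw in text.splitlines():
        words = raw.strip().split()
        if not words or words[0][0] in "#;":
            continue
        key = words[0].strip("<>")  # also accept an inline <tls-crypt> key block
        if key in ("tls-auth", "tls-crypt"):
            cfg["mode"] = key
        elif key == "remote" and len(words) > 1:
            cfg["remotes"].append(words[1])
        elif key == "auth" and len(words) > 1:
            cfg["auth"] = words[1].upper()
    return cfg


def check(text):
    """Return findings where the config's mode or digest does not fit its entry."""
    cfg = parse_client_config(text)
    findings = []
    if cfg["mode"] is None:
        findings.append("no tls-auth or tls-crypt key: the servers require a TLS mode")
    for host in cfg["remotes"]:
        m = AIRDNS.match(host)
        if not m:
            continue  # not an airdns.org name, nothing to compare against
        entry = int(m.group(1) or 1)  # assumption: no number means entry 1
        mode, digest = EXPECTED[entry in (3, 4)]
        if cfg["mode"] and cfg["mode"] != mode:
            findings.append(f"{host}: entry {entry} expects {mode}, config uses {cfg['mode']}")
        if cfg["auth"] != digest:
            findings.append(f"{host}: entry {entry} expects auth {digest}, config uses {cfg['auth']}")
    return findings


if __name__ == "__main__":
    print("\n".join(check(GUIDE_SETTINGS)) or "config matches its entry")
```
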